SHA1 vs crypto doc

Hal Murray hmurray at
Sun Jan 7 07:09:37 UTC 2018

>> Looks like the shannn are blessed by FIPS 180-4
>> I'll update the doc to mention them.

> Better check to make sure the support is in place first.  I think I remember
> floating a patch for that only to have Daniel thumbs-down it and say he
> was going to do do that.

That turned into an interesting adventure.

I have found 3 ways to get a list of the supported digests.  The first is man 
dgst.  The second is from openssl help.  The 3rd is to try it.  ntpd prints 
an error message if the specified digest type isn't supported.  All 3 are 
different on any of the systems I've tried.

I've added attic/digest.c to print a summary of available digests.  (not 
pushed yet)

I haven't found a good reference to what FIPS likes.  In addition to FIPS 
140-2, there is FIPS 180-4 and FIPS 202.

These are my opinions.  I hate spam.

More information about the devel mailing list